
Sorry, would you mind clarifying? Any Ruby app? So a Sinatra app which happened to YAML.load would also be at risk?



Yes, if attackers controlled the content of the YAML message.


In much the same way that letting attackers control the parameters to fork() would be a bad idea for a C program or letting attackers control the parameters to Runtime.exec() would be a bad idea for a Java program.

This is a Rails vulnerability, not a Ruby vulnerability.
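An added example, not part of the thread: one way for any Ruby app, Sinatra included, to parse YAML it does not control is Psych's `YAML.safe_load`, which builds only plain data and raises when a document asks for another class. The helper name `parse_untrusted_yaml`, the class name `ExampleWidget` and the sample documents are constructed for illustration.

```ruby
require 'yaml'

# Parse YAML from an untrusted source. YAML.safe_load builds only plain data
# (hashes, arrays, strings, numbers, booleans, nil). A document that asks for
# any other Ruby class, or uses aliases, raises instead of being instantiated.
# `permitted` is an explicit allowlist for the few extra classes the app needs.
def parse_untrusted_yaml(text, permitted: [])
  { ok: true, data: YAML.safe_load(text, permitted_classes: permitted) }
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
  # Report the rejection to the caller; never fall back to an unsafe loader.
  { ok: false, error: e.class.name }
end

# Constructed sample inputs (not taken from the thread).
PLAIN_DOC  = "name: example\nroles:\n  - admin\n  - dev\n"
# Requests a Ruby object of a hypothetical class; safe_load rejects the tag.
TAGGED_DOC = "--- !ruby/object:ExampleWidget\nname: example\n"
# Symbols are also outside the default allowlist.
SYMBOL_DOC = ":role: admin\n"
# Aliases are disabled by default in safe_load.
ALIAS_DOC  = "a: &x [1]\nb: *x\n"

if __FILE__ == $PROGRAM_NAME
  [PLAIN_DOC, TAGGED_DOC, SYMBOL_DOC, ALIAS_DOC].each do |doc|
    puts parse_untrusted_yaml(doc).inspect
  end
  puts parse_untrusted_yaml(SYMBOL_DOC, permitted: [Symbol]).inspect
end
```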



